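        /// <summary>
        /// Authenticates the Basic credentials in <paramref name="context"/> with a Windows network
        /// logon and returns a <see cref="WindowsPrincipal"/> for the account.
        /// </summary>
        /// <param name="context">Sign-in context carrying the raw <c>Username</c> and <c>Password</c>.</param>
        /// <returns>
        /// <c>null</c> when the user name cannot be parsed or the logon is rejected; otherwise a
        /// <see cref="WindowsPrincipal"/>. The <c>Claims.RUser</c> identity is attached only when the
        /// account belongs to <c>_options.AllowedGroup</c>; the principal is returned either way, so the
        /// caller is presumably expected to look for that claim — confirm.
        /// </returns>
        private ClaimsPrincipal SignInUsingLogon(BasicSignInContext context)
        {
            // CredUIParseUserName splits the supplied name into account and domain. The domain buffer
            // is sized by the domain limit, not by the password limit, which is unrelated to it.
            var user   = new StringBuilder(NativeMethods.CREDUI_MAX_USERNAME_LENGTH + 1);
            var domain = new StringBuilder(NativeMethods.CREDUI_MAX_DOMAIN_LENGTH + 1);

            if (NativeMethods.CredUIParseUserName(context.Username, user, user.Capacity, domain, domain.Capacity) != 0)
            {
                return null;
            }

            IntPtr token;

            if (!NativeMethods.LogonUser(user.ToString(), domain.ToString(), context.Password, NativeMethods.LOGON32_LOGON_NETWORK, NativeMethods.LOGON32_PROVIDER_DEFAULT, out token))
            {
                return null;
            }

            // NOTE(review): WindowsIdentity duplicates the token, so the raw handle in `token` is never
            // closed here and each successful logon leaks one handle. Closing it requires a CloseHandle
            // P/Invoke that is not declared in this block.
            var winIdentity = new WindowsIdentity(token);
            var principal   = new WindowsPrincipal(winIdentity);

            if (principal.IsInRole(_options.AllowedGroup))
            {
                var claims = new[] {
                    //new Claim(ClaimTypes.Name, context.Username),
                    new Claim(Claims.RUser, ""),
                    // TODO: figure out how to avoid keeping raw credentials around.
                    // NOTE(review): the plaintext password lives as long as this principal and goes
                    // wherever the principal is serialized — confirm that is bounded.
                    new Claim(Claims.Password, context.Password),
                };

                var claimsIdentity = new ClaimsIdentity(claims, context.Options.AuthenticationScheme);
                principal.AddIdentities(new[] { claimsIdentity });
            }

            return principal;
        }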
        /// <summary>
        /// Decides whether the request behind <paramref name="context"/> must go through credential sign-in.
        /// </summary>
        /// <param name="context">Sign-in context whose request path is inspected.</param>
        /// <returns>
        /// <c>false</c> when the request path is listed in <c>_skipSignInPaths</c>; <c>true</c> otherwise.
        /// </returns>
        /// <remarks>
        /// Every path in <c>_skipSignInPaths</c> bypasses authentication entirely, so the list must only
        /// hold endpoints that serve nothing requiring an identity. The match is exactly what
        /// <c>_skipSignInPaths.Contains</c> implements — nothing here normalises case, trailing slashes
        /// or encoded segments.
        /// </remarks>
        public static bool IsSignInRequired(this BasicSignInContext context)
        {
            var requestPath = context.HttpContext.Request.Path.ToString();

            return !_skipSignInPaths.Contains(requestPath);
        }
        /// <summary>
        /// Sample sign-in callback: any user name is accepted as long as the supplied password is the
        /// literal <c>"admin"</c>, in which case a principal with a single name claim is set.
        /// </summary>
        /// <param name="context">Sign-in context; <c>Principal</c> is left unset when the password does not match.</param>
        /// <returns>A completed task — the check is synchronous.</returns>
        /// <remarks>
        /// Demo-only: the password is a compile-time constant and the user name is never verified.
        /// </remarks>
        private Task OnSignIn(BasicSignInContext context)
        {
            // string.Equals with Ordinal is the same test as == on strings.
            bool passwordMatches = string.Equals(context.Password, "admin", StringComparison.Ordinal);

            if (passwordMatches)
            {
                var nameClaim = new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName);
                var identity  = new ClaimsIdentity(new[] { nameClaim }, context.Scheme.Name);

                context.Principal = new ClaimsPrincipal(identity);
            }

            return Task.CompletedTask;
        }
        /// <summary>
        /// Resolves the principal for a Basic sign-in — through the shared secret when one is configured,
        /// otherwise through Windows logon — and issues the authentication ticket when that succeeds.
        /// </summary>
        /// <param name="context">Sign-in context; <c>Ticket</c> is set only when a principal was produced.</param>
        /// <remarks>
        /// <c>HandleResponse()</c> is invoked whether or not a principal was produced.
        /// </remarks>
        public async Task SignInAsync(BasicSignInContext context)
        {
            ClaimsPrincipal principal;

            if (_options.Secret != null)
            {
                principal = SignInUsingSecret(context);
            }
            else
            {
                principal = await SignInUsingLogonAsync(context);
            }

            if (principal == null)
            {
                context.HandleResponse();
                return;
            }

            context.Ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), context.Options.AuthenticationScheme);
            context.HandleResponse();
        }
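        /// <summary>
        /// Sign-in callback that accepts exactly one account, configured through the <c>ReportUser</c>
        /// and <c>ReportPW</c> environment variables, and grants it the role <c>"All"</c>.
        /// </summary>
        /// <param name="context">Sign-in context; <c>Principal</c> is left unset when the credentials do not match.</param>
        /// <returns>A completed task — the check is synchronous.</returns>
        private Task OnSignIn(BasicSignInContext context)
        {
            string expectedUser     = Environment.GetEnvironmentVariable("ReportUser");
            string expectedPassword = Environment.GetEnvironmentVariable("ReportPW");

            // Fail closed when either variable is unset or blank. With a plain == an unset variable
            // (null) would compare equal to a null credential instead of rejecting the request.
            if (string.IsNullOrEmpty(expectedUser) || string.IsNullOrEmpty(expectedPassword))
            {
                return Task.CompletedTask;
            }

            // Ordinal equality, the same test as == on strings. NOTE(review): this is not a
            // constant-time comparison; CryptographicOperations.FixedTimeEquals is the replacement
            // where the target framework provides it.
            bool userMatches     = string.Equals(context.UserName, expectedUser, StringComparison.Ordinal);
            bool passwordMatches = string.Equals(context.Password, expectedPassword, StringComparison.Ordinal);

            if (userMatches && passwordMatches)
            {
                var identity = new ClaimsIdentity(
                    new[] { new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName) },
                    context.Scheme.Name);

                identity.AddClaim(new Claim(ClaimsIdentity.DefaultRoleClaimType, "All")); // Role = All
                context.Principal = new ClaimsPrincipal(identity);
            }

            return Task.CompletedTask;
        }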
 /// <summary>
 /// Populates <c>context.Principal</c>: for paths that require sign-in the credentials are checked
 /// (shared secret if configured, otherwise the authentication service); for skipped paths an
 /// explicitly anonymous principal is issued instead.
 /// </summary>
 /// <param name="context">Sign-in context carrying the request, the raw credentials and the scheme.</param>
 /// <remarks>
 /// On the authenticated branch <c>Principal</c> is whatever the chosen route returns, which may be
 /// <c>null</c> on rejection; how that is treated is up to the caller.
 /// </remarks>
 public async Task SignInAsync(BasicSignInContext context)
 {
     if (!context.IsSignInRequired())
     {
         // Skip-listed path: hand out an anonymous identity under the same scheme.
         var anonymousClaims = new[] { new Claim(ClaimTypes.Anonymous, "") };
         context.Principal   = new ClaimsPrincipal(new ClaimsIdentity(anonymousClaims, context.Scheme.Name));
         return;
     }

     if (_options.Secret != null)
     {
         context.Principal = SignInUsingSecret(context);
     }
     else
     {
         context.Principal = await _authenticationService.SignInAsync(context.Username, context.Password, context.Scheme.Name);
     }
 }
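        /// <summary>
        /// Authenticates the Basic credentials in <paramref name="context"/> against the configured
        /// shared secret and returns a principal named after the supplied user name.
        /// </summary>
        /// <param name="context">Sign-in context carrying the raw <c>Username</c> and <c>Password</c>.</param>
        /// <returns>
        /// <c>null</c> when no secret is configured or the password does not equal it; otherwise a
        /// <see cref="ClaimsPrincipal"/> carrying <c>ClaimTypes.Name</c> and <c>Claims.RUser</c>.
        /// </returns>
        /// <remarks>
        /// The user name is not verified — any name paired with the correct secret is accepted.
        /// </remarks>
        private ClaimsPrincipal SignInUsingSecret(BasicSignInContext context)
        {
            string secret   = _options.Secret;
            string password = context.Password;

            // Fail closed on a missing secret or password: callers guard Secret != null today, but
            // "nothing configured" must never count as a match.
            if (secret == null || password == null)
            {
                return null;
            }

            // Constant-time comparison: every character difference (and the length difference) is
            // folded into one accumulator so the time taken does not depend on where the first
            // mismatch sits. CryptographicOperations.FixedTimeEquals does the same where the target
            // framework provides it.
            int shared = Math.Min(secret.Length, password.Length);
            int diff   = secret.Length ^ password.Length;

            for (int i = 0; i < shared; i++)
            {
                diff |= secret[i] ^ password[i];
            }

            if (diff != 0)
            {
                return null;
            }

            var claims = new[] {
                new Claim(ClaimTypes.Name, context.Username),
                new Claim(Claims.RUser, "")
            };

            var identity = new ClaimsIdentity(claims, context.Options.AuthenticationScheme);

            return new ClaimsPrincipal(identity);
        }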
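        /// <summary>
        /// Authenticates the Basic credentials in <paramref name="context"/> with a Windows network
        /// logon, ensures the account has a local profile via <c>CreateProfile</c>, and returns a
        /// <see cref="WindowsPrincipal"/> for it.
        /// </summary>
        /// <param name="context">Sign-in context carrying the raw <c>Username</c> and <c>Password</c>.</param>
        /// <returns>
        /// <c>null</c> when the user name cannot be parsed, the logon is rejected, or profile creation
        /// fails with anything other than "already exists"; otherwise a <see cref="WindowsPrincipal"/>.
        /// The <c>Claims.RUser</c> identity is attached only for members of <c>_options.AllowedGroup</c>;
        /// the principal is returned either way, so the caller is presumably expected to look for that
        /// claim — confirm.
        /// </returns>
        private ClaimsPrincipal SignInUsingLogon(BasicSignInContext context)
        {
            // CredUIParseUserName splits the supplied name into account and domain. The domain buffer
            // is sized by the domain limit, not by the password limit, which is unrelated to it.
            var user   = new StringBuilder(NativeMethods.CREDUI_MAX_USERNAME_LENGTH + 1);
            var domain = new StringBuilder(NativeMethods.CREDUI_MAX_DOMAIN_LENGTH + 1);

            if (NativeMethods.CredUIParseUserName(context.Username, user, user.Capacity, domain, domain.Capacity) != 0)
            {
                return null;
            }

            IntPtr token;

            if (!NativeMethods.LogonUser(user.ToString(), domain.ToString(), context.Password, (int)LogonType.LOGON32_LOGON_NETWORK, (int)LogonProvider.LOGON32_PROVIDER_DEFAULT, out token))
            {
                return null;
            }

            // NOTE(review): WindowsIdentity duplicates the token, so the raw handle in `token` is never
            // closed here and each successful logon leaks one handle. Closing it requires a CloseHandle
            // P/Invoke that is not declared in this block.
            var winIdentity = new WindowsIdentity(token);

            StringBuilder profileDir = new StringBuilder(NativeMethods.MAX_PATH);
            uint          size       = (uint)profileDir.Capacity;
            uint          error      = NativeMethods.CreateProfile(winIdentity.User.Value, user.ToString(), profileDir, size);

            // 0x800700b7 - Profile already exists.
            if (error != 0 && error != 0x800700b7)
            {
                // The identity is not handed out on this path, so release its duplicated token now.
                winIdentity.Dispose();
                return null;
            }

            var principal = new WindowsPrincipal(winIdentity);

            if (principal.IsInRole(_options.AllowedGroup))
            {
                var claims = new[] {
                    //new Claim(ClaimTypes.Name, context.Username),
                    new Claim(Claims.RUser, ""),
                    // TODO: figure out how to avoid keeping raw credentials around.
                    // NOTE(review): the plaintext password lives as long as this principal and goes
                    // wherever the principal is serialized — confirm that is bounded.
                    new Claim(Claims.Password, context.Password),
                };

                var claimsIdentity = new ClaimsIdentity(claims, context.Options.AuthenticationScheme);
                principal.AddIdentities(new[] { claimsIdentity });
            }

            return principal;
        }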
        /// <summary>
        /// Produces the principal for a request — an anonymous one for skip-listed paths, otherwise the
        /// result of the shared-secret check or the authentication service — and issues the ticket
        /// when a principal exists.
        /// </summary>
        /// <param name="context">Sign-in context; <c>Ticket</c> is set only when a principal was produced.</param>
        /// <remarks>
        /// <c>HandleResponse()</c> is invoked on every path, including a rejected sign-in.
        /// </remarks>
        public async Task SignInAsync(BasicSignInContext context)
        {
            ClaimsPrincipal principal;

            if (!context.IsSignInRequired())
            {
                // Skip-listed path: an anonymous identity is issued under the same scheme.
                var anonymousIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Anonymous, "") }, context.Options.AuthenticationScheme);
                principal = new ClaimsPrincipal(anonymousIdentity);
            }
            else if (_options.Secret != null)
            {
                principal = SignInUsingSecret(context);
            }
            else
            {
                principal = await _authenticationService.SignInAsync(context.Username, context.Password, context.Options.AuthenticationScheme);
            }

            if (principal != null)
            {
                context.Ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), context.Options.AuthenticationScheme);
            }

            context.HandleResponse();
        }
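        /// <summary>
        /// Authenticates the Basic credentials in <paramref name="context"/> with a Windows network
        /// logon, resolves the account's profile directory (asking the profile service to create one
        /// when Windows reports none), and returns a <see cref="WindowsPrincipal"/> for it.
        /// </summary>
        /// <param name="context">Sign-in context carrying the raw <c>Username</c> and <c>Password</c>.</param>
        /// <returns>
        /// <c>null</c> when the user name cannot be parsed, the logon fails, the profile service gives an
        /// invalid response, or profile creation fails with anything other than "already exists";
        /// otherwise a <see cref="WindowsPrincipal"/>. The <c>Claims.RUser</c> /
        /// <c>Claims.RUserProfileDir</c> identity is attached only for members of
        /// <c>_options.AllowedGroup</c>; the principal is returned either way, so the caller is presumably
        /// expected to look for that claim — confirm.
        /// </returns>
        private async Task<ClaimsPrincipal> SignInUsingLogonAsync(BasicSignInContext context)
        {
            var user   = new StringBuilder(NativeMethods.CREDUI_MAX_USERNAME_LENGTH + 1);
            var domain = new StringBuilder(NativeMethods.CREDUI_MAX_DOMAIN_LENGTH + 1);

            uint error = NativeMethods.CredUIParseUserName(context.Username, user, user.Capacity, domain, domain.Capacity);

            if (error != 0)
            {
                _logger.LogError(Resources.Error_UserNameParse, context.Username, error.ToString("X"));
                return null;
            }

            IntPtr token;

            _logger.LogTrace(Resources.Trace_LogOnUserBegin, context.Username);
            if (!NativeMethods.LogonUser(user.ToString(), domain.ToString(), context.Password, (int)LogonType.LOGON32_LOGON_NETWORK, (int)LogonProvider.LOGON32_PROVIDER_DEFAULT, out token))
            {
                // GetLastWin32Error must be read before any other interop call.
                _logger.LogError(Resources.Error_LogOnFailed, context.Username, Marshal.GetLastWin32Error().ToString("X"));
                return null;
            }

            _logger.LogTrace(Resources.Trace_LogOnSuccess, context.Username);

            // NOTE(review): WindowsIdentity duplicates the token, so the raw handle in `token` is never
            // closed here and each successful logon leaks one handle. Closing it requires a CloseHandle
            // P/Invoke that is not declared in this block; it must stay open until the last
            // GetUserProfileDirectory call below.
            WindowsIdentity winIdentity = new WindowsIdentity(token);

            string profilePath = string.Empty;

            StringBuilder profileDir = new StringBuilder(NativeMethods.MAX_PATH * 2);
            uint          size       = (uint)profileDir.Capacity;
            if (NativeMethods.GetUserProfileDirectory(token, profileDir, ref size))
            {
                profilePath = profileDir.ToString();
                _logger.LogTrace(Resources.Trace_UserProfileDirectory, context.Username, profilePath);
            }
            else
            {
#if DEBUG
                // Debug builds allow far longer for profile creation (presumably to survive debugger pauses).
                TimeSpan profileTimeout = TimeSpan.FromMinutes(10);
#else
                TimeSpan profileTimeout = TimeSpan.FromSeconds(10);
#endif
                // The CancellationTokenSource owns a timer; disposing it releases the timer instead of
                // leaving it to run until the timeout elapses.
                using (var cts = new CancellationTokenSource(profileTimeout))
                {
                    _logger.LogTrace(Resources.Trace_UserProfileCreation, context.Username);

                    var result = await _userProfileManager.CreateProfileAsync(new RUserProfileServiceRequest(user.ToString(), domain.ToString(), winIdentity.User.Value), cts.Token);

                    if (result.IsInvalidResponse())
                    {
                        _logger.LogError(Resources.Error_ProfileCreationFailedInvalidResponse, context.Username, Resources.Info_UserProfileServiceName);
                        // The identity is not handed out on this path, so release its duplicated token now.
                        winIdentity.Dispose();
                        return null;
                    }

                    error = result.Error;
                    // 0x800700b7 - Profile already exists.
                    if (error != 0 && error != 0x800700b7)
                    {
                        _logger.LogError(Resources.Error_ProfileCreationFailed, context.Username, error.ToString("X"));
                        winIdentity.Dispose();
                        return null;
                    }
                    else if (error == 0x800700b7 || result.ProfileExists)
                    {
                        _logger.LogInformation(Resources.Info_ProfileAlreadyExists, context.Username);
                    }
                    else
                    {
                        _logger.LogInformation(Resources.Info_ProfileCreated, context.Username);
                    }

                    if (!string.IsNullOrEmpty(result.ProfilePath))
                    {
                        profilePath = result.ProfilePath;
                        _logger.LogTrace(Resources.Trace_UserProfileDirectory, context.Username, profilePath);
                    }
                    else if (NativeMethods.GetUserProfileDirectory(token, profileDir, ref size))
                    {
                        // `size` may have been updated by the first failed call; the retry reuses it as-is.
                        profilePath = profileDir.ToString();
                        _logger.LogTrace(Resources.Trace_UserProfileDirectory, context.Username, profilePath);
                    }
                    else
                    {
                        // Not fatal: the principal is still issued, with an empty profile directory claim.
                        _logger.LogError(Resources.Error_GetUserProfileDirectory, context.Username, Marshal.GetLastWin32Error().ToString("X"));
                    }
                }
            }

            var principal = new WindowsPrincipal(winIdentity);
            if (principal.IsInRole(_options.AllowedGroup))
            {
                var claims = new[] {
                    //new Claim(ClaimTypes.Name, context.Username),
                    new Claim(Claims.RUser, ""),
                    new Claim(Claims.RUserProfileDir, profilePath)
                };

                var claimsIdentity = new ClaimsIdentity(claims, context.Options.AuthenticationScheme);
                principal.AddIdentities(new[] { claimsIdentity });
            }

            return principal;
        }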